Merge pull request #333 from wultra/develop

Merge develop to master

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,22 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ 'develop', 'master', 'releases/**' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'develop', 'master', 'releases/**' ]
+  schedule:
+    - cron: '0 2 * * 4'
+
+jobs:
+  codeql-analysis:
+    uses: wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop
+    secrets: inherit
+    with:
+      languages: "['java']"
+      # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+      # Use only 'java' to analyze code written in Java, Kotlin or both
+      # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+      # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

docs/Readme.md

@@ -11,10 +11,10 @@ You can download the latest `powerauth-java-cmd.jar` at the releases page:
 ## Supported Java Runtime Versions
 
 The following Java runtime versions are supported:
-- Java 8 (LTS release)
-- Java 11 (LTS release)
+- OpenJDK 17 (LTS release) or higher
+- Oracle Java is not supported, please use OpenJDK.
 
-The command-line tool application may run on other Java versions, however we do not perform extensive testing with non-LTS releases. Java version 17 is not supported yet due to issues with running Bouncy Castle provider from a fat jar.
+Older Java versions are currently not supported due to migration to Spring Boot 3.
 
 ## Bouncy Castle Library Usage
 
@@ -30,21 +30,30 @@ The command-line tool usually communicates with the Enrollment server component,
 
 _Note: You must create this file before you can use the utility. Obtain the information from the PowerAuth Admin interface._
 
-Client configuration file is required for the correct function of the command-line utility. It contains the same information that would be bundled inside a mobile app after download from the application marketplace. The file stores application key, application secret and master server public key in a following format:
+Client configuration file is required for the correct function of the command-line utility. It contains the same information that would be bundled inside a mobile app after download from the application marketplace. The file stores application name and mobile SDK configuration in the following format:
 
 ```json
 {
   "applicationName": "PowerAuth Reference Client",
-  "applicationKey": "ivGlm/hl6rn9lSaD4qMgGw==",
-  "applicationSecret": "bI5pNbDdAXWUr/UQY5+Tpg==",
-  "masterPublicKey": "BO4+eqJPQTldjcV9G36dGiagsOHzgKgWz5uPuJKYwvIakbFmfWah1N4GXmBOS8aBEwQ+BcV04LL+OBBY0QS1bvg="
+  "mobileSdkConfig": "ARCVs2uD4HXnu1uiMLjzv3jUEKhL+EbC7De2hP0CE4QZYMIBAUEEc7WjproYfURYdEDEx7OwSR0A5A+5HNGgUXx8F6eT3KOeIhcsw7tN5PoZN7m3sKutqmUPBrSFqtcDkmQxKTXzlA=="
 }
 ```
 
 You must obtain the values for this file from the PowerAuth Admin interface:
 
 ![PowerAuth Admin Preview](./images/pa_admin_application_detail.png)
 
+Note: In case you use an older version of the PowerAuth server which does not contain the mobile SDK configuration parameter, configure the individual parameters in the following format:
+
+```json
+{
+  "applicationName": "PowerAuth Reference Client",
+  "applicationKey": "ivGlm/hl6rn9lSaD4qMgGw==",
+  "applicationSecret": "bI5pNbDdAXWUr/UQY5+Tpg==",
+  "masterPublicKey": "BO4+eqJPQTldjcV9G36dGiagsOHzgKgWz5uPuJKYwvIakbFmfWah1N4GXmBOS8aBEwQ+BcV04LL+OBBY0QS1bvg="
+}
+```
+
 ## PowerAuth Client Status File
 
 _Note: You should not create this file yourself. The utility creates it for you._
@@ -69,12 +78,12 @@ This file is automatically created by the utility after you call the `create` me
 ## Specifying PowerAuth Protocol Version
 
 Command-line tool supports following PowerAuth protocol versions:
-- Version `3.1` (default)
+- Version `3.2` (default)
+- Version `3.1`
 - Version `3.0`
-- Version `2.1`
-- Version `2.0`
 
-You can specify the version of protocol you want to use using parameter `version`. Both major and minor version needs to be specified for the command-line tool action, however the server stores only the major version in the database. The version affects used cryptography, for example version `2` activations use custom encryption, while version `3` activations use an integrated ECIES scheme.
+You can specify the version of protocol you want to use using parameter `version`. Both major and minor version needs to be specified for the command-line tool action, however the server stores only the major version in the database.
+The version affects used cryptography, for example version `3` activations use an integrated ECIES scheme.
 
 ## Supported Use-Cases
 
@@ -211,11 +220,13 @@ _Note: If a `--password` option is not provided, this method requires interactiv
 
 ### Validate Token
 
-Use a previously created token to authorize an operation.
+Token validation may be performed against any endpoint using [Token Based Authentication](https://github.com/wultra/powerauth-restful-integration/blob/develop/docs/RESTful-API-for-Spring.md#use-token-based-authentication).
+
+For example, use the previously created token to retrieve a list of operations.
 
 ```bash
 java -jar powerauth-java-cmd.jar \
-    --url "http://localhost:8080/enrollment-server/api/auth/token" \
+    --url "http://localhost:8080/enrollment-server/api/auth/token/app/operation/list" \
     --status-file "/tmp/pa_status.json" \
     --config-file "/tmp/pamk.json" \
     --method "validate-token" \
@@ -225,7 +236,9 @@ java -jar powerauth-java-cmd.jar \
     --token-secret "xfb1NUXAPbvDZK8qyNVGyw=="
 ```
 
-Uses the `validate-token` method for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling an endpoint `/api/auth/token` hosted on root URL `http://localhost:8080/enrollment-server`. The endpoint must be published by the application -- see [Token Based Authentication](https://github.com/wultra/powerauth-restful-integration/blob/develop/docs/RESTful-API-for-Spring.md#use-token-based-authentication). Uses the application identifiers stored in the `/tmp/pamk.json` file. The request data is taken from file `/tmp/request.json`.
+Uses the `validate-token` method for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling an endpoint `/api/auth/token/app/operation/list` hosted on root URL `http://localhost:8080/enrollment-server`.
+Uses the application identifiers stored in the `/tmp/pamk.json` file.
+The request data is taken from file `/tmp/request.json`.
 
 You can use the `dry-run` parameter, in this case the step is stopped right after signing the request body and preparing appropriate headers.
 
@@ -276,7 +289,6 @@ There is a required format of both `identity.json` and `custom-attributes.json`
 
 _Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to encrypt the knowledge related signature key._
 
-_Note: In protocol version `2.x` you need to provide a full URL in `--url` parameter, pointing to the custom activation endpoint._
 
 ### Send Encrypted Data to Server
 
@@ -449,7 +461,9 @@ If you are using HTTPS, make sure you are using valid SSL certificate or that yo
 
 **Error: JCE cannot authenticate the provider BC**
 
-Please use a supported Java Runtime Version (LTS release of Java 8 or 11).
+Please use a supported Java Runtime Version (OpenJDK 17 or higher, not Oracle Java).
+
+See: https://github.com/wultra/powerauth-cmd-tool/issues/232#issuecomment-1730848437
 
 ## License
 

pom.xml

@@ -27,7 +27,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-cmd-parent</artifactId>
-    <version>1.4.0</version>
+    <version>1.5.0</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2016</inceptionYear>
@@ -73,19 +73,21 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.source>1.8</maven.compiler.source>
-        <maven.compiler.target>1.8</maven.compiler.target>
-        <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
-        <maven-deploy-plugin.version>3.0.0</maven-deploy-plugin.version>
-        <maven-javadoc-plugin.version>3.4.1</maven-javadoc-plugin.version>
-        <spring-boot.version>2.6.14</spring-boot.version>
-        <bc.version>1.72</bc.version>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
+        <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
+        <maven-javadoc-plugin.version>3.6.0</maven-javadoc-plugin.version>
+        <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
+        <spring-boot.version>3.1.3</spring-boot.version>
+        <bc.version>1.76</bc.version>
         <commons-cli.version>1.5.0</commons-cli.version>
-        <commons-io.version>2.11.0</commons-io.version>
+        <commons-io.version>2.13.0</commons-io.version>
         <json-simple.version>1.1.1</json-simple.version>
-        <powerauth.version>1.4.0</powerauth.version>
-        <wultra-java-core.version>1.6.0</wultra-java-core.version>
-        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
+        <powerauth-restful-integration>1.5.0</powerauth-restful-integration>
+        <powerauth-crypto.version>1.5.1</powerauth-crypto.version>
+        <wultra-core.version>1.7.0</wultra-core.version>
+        <maven-surefire-plugin.version>3.1.2</maven-surefire-plugin.version>
     </properties>
 
     <dependencyManagement>
@@ -112,6 +114,14 @@
         </dependencies>
     </dependencyManagement>
 
+    <dependencies>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
     <build>
         <plugins>
             <plugin>
@@ -149,6 +159,35 @@
                 <artifactId>maven-deploy-plugin</artifactId>
                 <version>${maven-deploy-plugin.version}</version>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>${maven-enforcer-plugin.version}</version>
+                <dependencies>
+                    <dependency>
+                        <groupId>de.skuzzle.enforcer</groupId>
+                        <artifactId>restrict-imports-enforcer-rule</artifactId>
+                        <version>2.4.0</version>
+                    </dependency>
+                </dependencies>
+                <executions>
+                    <execution>
+                        <id>enforce-banned-java-imports</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <RestrictImports>
+                                    <!--  https://github.com/google/guava/issues/2960  -->
+                                    <reason>Guava depends on jsr305 but we prefer jakarta in our code</reason>
+                                    <bannedImport>javax.annotation.**</bannedImport>
+                                </RestrictImports>
+                            </rules>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 

powerauth-java-cmd-lib/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <artifactId>powerauth-cmd-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>1.4.0</version>
+        <version>1.5.0</version>
     </parent>
 
     <dependencies>
@@ -42,17 +42,17 @@
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-restful-model</artifactId>
-            <version>${powerauth.version}</version>
+            <version>${powerauth-restful-integration}</version>
         </dependency>
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-java-crypto</artifactId>
-            <version>${powerauth.version}</version>
+            <version>${powerauth-crypto.version}</version>
         </dependency>
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-java-http</artifactId>
-            <version>${powerauth.version}</version>
+            <version>${powerauth-crypto.version}</version>
         </dependency>
 
         <dependency>
@@ -79,14 +79,8 @@
         <dependency>
             <groupId>io.getlime.core</groupId>
             <artifactId>rest-client-base</artifactId>
-            <version>${wultra-java-core.version}</version>
+            <version>${wultra-core.version}</version>
         </dependency>
-
-        <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok</artifactId>
-        </dependency>
-
     </dependencies>
 
 </project>

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/CmdLibApplication.java

@@ -39,16 +39,11 @@ public class CmdLibApplication {
      */
     @Bean
     public StepLogger stepLogger(StepLoggerConfig config) {
-        switch (config.getType()) {
-            case DISABLED:
-                return DisabledStepLogger.INSTANCE;
-            case JSON:
-                return new JsonStepLogger(System.out);
-            case OBJECT:
-                return new ObjectStepLogger(System.out);
-            default:
-                throw new IllegalStateException("Not supported step logger type: " + config.getType());
-        }
+        return switch (config.getType()) {
+            case DISABLED -> DisabledStepLogger.INSTANCE;
+            case JSON -> new JsonStepLogger(System.out);
+            case OBJECT -> new ObjectStepLogger(System.out);
+        };
     }
 
 }

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PersistenceType.java

@@ -31,6 +31,6 @@ public enum PersistenceType {
     /**
      * Memory
      */
-    MEMORY;
+    MEMORY
 
 }

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthConst.java

@@ -16,7 +16,7 @@
  */
 package io.getlime.security.powerauth.lib.cmd.consts;
 
-import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse;
+import io.getlime.security.powerauth.rest.api.model.response.EciesEncryptedResponse;
 import org.springframework.core.ParameterizedTypeReference;
 
 import java.nio.charset.StandardCharsets;
@@ -36,7 +36,6 @@ public class PowerAuthConst {
     /**
      * Most common response type reference for version 3
      */
-    public static final ParameterizedTypeReference<EciesEncryptedResponse> RESPONSE_TYPE_REFERENCE_V3 =
-            new ParameterizedTypeReference<EciesEncryptedResponse>() { };
+    public static final ParameterizedTypeReference<EciesEncryptedResponse> RESPONSE_TYPE_REFERENCE_V3 = new ParameterizedTypeReference<>() {};
 
 }

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java

@@ -160,17 +160,17 @@ public enum PowerAuthStep {
     /**
      * Alias name of the step
      */
-    String alias;
+    private final String alias;
 
     /**
      * Description of the step
      */
-    String description;
+    private final String description;
 
     /**
      * Unique identification of the step
      */
-    String id;
+    private final String id;
 
     /**
      * @return Alis of the step